
Monday, October 05, 2015
Malware Attacks Non-jailbroken Apple iOS Devices


Researchers at Palo Alto Networks have recently discovered 'YiSpecter', malware capable of infecting Apple’s mobile devices that appears to come from an advertising company in China.

YiSpecter attacks both jailbroken and non-jailbroken iOS devices through unique and harmful malicious behaviors. Specifically, it’s the first malware the researchers have seen in the wild that abuses private APIs in the iOS system to implement malicious functionalities.

So far, the malware primarily affects iOS users in mainland China and Taiwan. It spreads via unusual means, including the hijacking of traffic from nationwide ISPs, an SNS worm on Windows, and offline app installation and community promotion.

YiSpecter consists of four different components that are signed with enterprise certificates. By abusing private APIs, these components download and install each other from a command and control (C2) server. Three of the malicious components use tricks to hide their icons from iOS’s SpringBoard, which prevents the user from finding and deleting them. The components also use the same names and logos as system apps to trick iOS power users.

On infected iOS devices, YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 server. According to victims’ reports, all these behaviors have been exhibited in YiSpecter attacks in the past few months. Other characteristics of this malware include:

  • Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed
  • Even if you manually delete the malware, it will automatically re-appear
  • Using third-party tools you can find some strange additional "system apps" on infected phones
  • On infected phones, in some cases when the user opens a normal app, a full screen advertisement will show

Moreover, recent research shows that over 100 apps in the App Store have abused private APIs and bypassed Apple’s strict code review. This means the technique of abusing private APIs can also be used on its own and can affect all ordinary iOS users who only download apps from the App Store.

Palo Alto Networks has released IPS and DNS signatures to block YiSpecter’s malicious traffic.


